author | Nick Mathewson <nickm@torproject.org> | 2008-05-12 21:12:01 +0000 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2008-05-12 21:12:01 +0000 |
commit | 0fa5a9de051f2f6613112b297ee6c0028e6a5ece (patch) | |
tree | 42da40fdf8e201ed0478e9f8985d7bfb301add29 | |
parent | 040754b3a04427e4f585c7943c532ea1f8a96bf4 (diff) | |
r19713@catbus: nickm | 2008-05-12 17:10:37 -0400
Bugfix: an authority signature is "unrecognized" if we lack a dirserver entry for it, even if we have an older cached certificate that says it is recognized. This affects clients who remove entries from their dirserver list without clearing their certificate cache.
svn:r14596
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | src/or/networkstatus.c | 17 |
2 files changed, 13 insertions, 8 deletions
@@ -1,4 +1,8 @@ Changes in version 0.2.0.26-rc - 2008-05-?? + o Major bugfixes: + - List authority signatures as "unrecognized" based on DirServer lines, + not on cert cache. + o Minor features: - Add a new V3AuthUseLegacyKey option to make it easier for authorities to change their identity keys if they have to.
diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c
index fec0c972dc..f599c1a62f 100644
--- a/src/or/networkstatus.c
+++ b/src/or/networkstatus.c
@@ -392,17 +392,18 @@ networkstatus_check_consensus_signature(networkstatus_t *consensus,
 {
 if (!voter->good_signature && !voter->bad_signature && voter->signature) {
 /* we can try to check the signature. */
+ int is_v3_auth = trusteddirserver_get_by_v3_auth_digest(
+ voter->identity_digest) != NULL;
 authority_cert_t *cert =
 authority_cert_get_by_digests(voter->identity_digest,
 voter->signing_key_digest);
- if (! cert) {
- if (!trusteddirserver_get_by_v3_auth_digest(voter->identity_digest)) {
- smartlist_add(unrecognized, voter);
- ++n_unknown;
- } else {
- smartlist_add(need_certs_from, voter);
- ++n_missing_key;
- }
+ if (!is_v3_auth) {
+ smartlist_add(unrecognized, voter);
+ ++n_unknown;
+ continue;
+ } else if (!cert) {
+ smartlist_add(need_certs_from, voter);
+ ++n_missing_key;
 continue;
 }
 if (networkstatus_check_voter_signature(consensus, voter, cert) < 0) { |
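Review bot: The new `if (!is_v3_auth)` branch in networkstatus_check_consensus_signature() is the trust decision for a consensus signature, yet the only comment nearby is still `/* we can try to check the signature. */`, so the reason for the ordering is recorded only in the commit message. A comment above the branch would stop a later cleanup from folding the check back under `!cert`, for example `/* Recognition comes from the configured DirServer list, never from the cert cache: a cached cert for a removed authority must not count. */`. The `authority_cert_get_by_digests()` lookup also still runs before the branch for voters that are about to be listed as unrecognized; moving it below the `is_v3_auth` test would make the dependency explicit and skip an unneeded lookup. The loop body starts and ends outside the hunk, so whether other readers of the cert cache make the same assumption cannot be judged from here.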